Posted to commits@trafficserver.apache.org by am...@apache.org on 2016/01/23 01:13:44 UTC
trafficserver git commit: TS-4145: Fix cross-site scripting exploits
in error messages. This closes #436.
Repository: trafficserver
Updated Branches:
refs/heads/master 46edfde61 -> 0c7bff91f
TS-4145: Fix cross-site scripting exploits in error messages.
This closes #436.
Address potential cross-site scripting exploits in the
following files:
1.) Replace the variable psh with epsh in files:
proxy/config/body_factory/default/redirect#moved_temporarily
proxy/config/body_factory/default/redirect#moved_permanently
2.) Variable cqh in proxy/config/body_factory/default/access#redirect_url
should be replaced with ecqh. However the file appears unutilized in
ATS 6.0.0, hence remove from Makefile altogether.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0c7bff91
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0c7bff91
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0c7bff91
Branch: refs/heads/master
Commit: 0c7bff91f4f8cafa5a9b4dd61c52d8e4398b6ab9
Parents: 46edfde
Author: dchokshi <dc...@cisco.com>
Authored: Fri Jan 22 15:51:56 2016 -0500
Committer: Alan M. Carroll <am...@apache.org>
Committed: Fri Jan 22 18:10:26 2016 -0600
----------------------------------------------------------------------
proxy/config/body_factory/default/Makefile.am | 1 -
proxy/config/body_factory/default/redirect#moved_permanently | 2 +-
proxy/config/body_factory/default/redirect#moved_temporarily | 2 +-
3 files changed, 2 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0c7bff91/proxy/config/body_factory/default/Makefile.am
----------------------------------------------------------------------
diff --git a/proxy/config/body_factory/default/Makefile.am b/proxy/config/body_factory/default/Makefile.am
index a9402ba..d89311a 100644
--- a/proxy/config/body_factory/default/Makefile.am
+++ b/proxy/config/body_factory/default/Makefile.am
@@ -21,7 +21,6 @@ bodyfactorydir = $(pkgsysconfdir)/body_factory/default
dist_bodyfactory_DATA = \
access\#denied \
access\#proxy_auth_required \
- access\#redirect_url \
access\#ssl_forbidden \
.body_factory_info \
cache\#not_in_cache \
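Review bot: Dropping `access\#redirect_url` from `dist_bodyfactory_DATA` stops the template from being shipped, but the diffstat lists only Makefile.am and the two redirect templates, so the file itself, with the unescaped `cqh` the commit message describes, stays in the source tree. Either delete it in this commit or switch it to `ecqh` as well, so that re-adding it to the Makefile later does not bring the issue back. Nothing here removes a copy already installed by an earlier build, which is worth a line in the release notes.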
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0c7bff91/proxy/config/body_factory/default/redirect#moved_permanently
----------------------------------------------------------------------
diff --git a/proxy/config/body_factory/default/redirect#moved_permanently b/proxy/config/body_factory/default/redirect#moved_permanently
index a5c5036..171e927 100644
--- a/proxy/config/body_factory/default/redirect#moved_permanently
+++ b/proxy/config/body_factory/default/redirect#moved_permanently
@@ -8,7 +8,7 @@
<HR>
<FONT FACE="Helvetica,Arial"><B>
-Description: The document you requested has moved to a new location. The new location is "%<{Location}psh>".
+Description: The document you requested has moved to a new location. The new location is "%<{Location}epsh>".
</B></FONT>
<HR>
</BODY>
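Review bot: The Description line changes only the variable suffix from `psh` to `epsh`, and nothing in the commit exercises the result. A regression test that triggers this body with a Location value containing `<`, `>`, `"` and `&` and asserts that they come back escaped would keep the fix from being silently reverted. It would also help to state, in the commit message or the template documentation, which characters the `e` prefix escapes, since the value is rendered inside double quotes here.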
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0c7bff91/proxy/config/body_factory/default/redirect#moved_temporarily
----------------------------------------------------------------------
diff --git a/proxy/config/body_factory/default/redirect#moved_temporarily b/proxy/config/body_factory/default/redirect#moved_temporarily
index a5c5036..171e927 100644
--- a/proxy/config/body_factory/default/redirect#moved_temporarily
+++ b/proxy/config/body_factory/default/redirect#moved_temporarily
@@ -8,7 +8,7 @@
<HR>
<FONT FACE="Helvetica,Arial"><B>
-Description: The document you requested has moved to a new location. The new location is "%<{Location}psh>".
+Description: The document you requested has moved to a new location. The new location is "%<{Location}epsh>".
</B></FONT>
<HR>
</BODY>
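Review bot: The Description line here carried the same unescaped `%<{Location}psh>` as redirect#moved_permanently (both files share the `a5c5036..171e927` index line), which suggests the pattern was copied between templates. The diffstat touches only these two, so the remaining files listed in `dist_bodyfactory_DATA` should be searched for variables without the `e` prefix, such as `psh` and `cqh`, and the outcome of that audit recorded in the commit message.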